WCF Certificates without Certificate Store

爱一瞬间的悲伤 2020-12-24 09:04

My team is developing a number of WPF plug-ins for a 3rd party thick client application. The WPF plug-ins use WCF to consume web services published by a number of TIBCO serv

3 answers
  •  情话喂你
    2020-12-24 09:24

    I'm the guy who got Kane (our SO lackey!) to ask the original question. I thought I'd finally create an account and post our findings / results / experiences in regards to the answer posted by Aaronaught (so any credit to him above).

    We tried adding a custom behaviour as suggested above and setting the behaviourConfiguration on the endpoint configuration element to use it. We couldn't get the code to fire at all so ended up going with a programmatic approach.

    As we had a wrapper class set up to build a ClientBase object we used our existing creation functions to add the behaviour after building all the other parts of the ClientBase.

    We ran into a few issues doing this also, namely that a ClientCredentials behaviour was already being defined for our ClientBase authenticating with a Username and Password rather than our Certificate + Username and Password. So we removed the existing behaviour programmatically before adding our new certificate based behaviour (with the Username and Password injected) as a temporary measure for testing. Still no dice, our behaviour was being constructed and ApplyClientBehavior was being fired but the service was still falling over when Invoke was called (we never got the real Exception due to a bunch of using statements that were difficult to refactor out).

    We then decided instead of removing the existing ClientCredentials behaviour that we would just inject our certificate into it before letting the whole lot proceed as normal. Third time's a charm and it's all up and working now.

    I'd like to thank Aaronaught (and I would vote up if I could!) for putting us on the right trail and providing a well thought out and useful answer.

    Here's a small code snippet of it up and running (using a test .CRT file).

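        // Requires: System.IO, System.Security.Cryptography.X509Certificates,
        //           System.ServiceModel, System.ServiceModel.Description
        protected override ClientBase<TChannel> CreateClientBase(string endpointConfigurationName)
        {
            ClientBase<TChannel> clientBase = new ClientBase<TChannel>(endpointConfigurationName); // Construct yours however you want here

            // ...

            // Reuse the ClientCredentials behaviour already on the endpoint (it carries the username and password)
            ClientCredentials credentials = clientBase.Endpoint.Behaviors.Find<ClientCredentials>();

            // Load the certificate from a file rather than from a certificate store
            X509Certificate2 certificate = new X509Certificate2();
            byte[] rawCertificateData = File.ReadAllBytes(@"C:\Path\To\YourCert.crt");
            certificate.Import(rawCertificateData);

            credentials.ClientCertificate.Certificate = certificate;

            return clientBase;
        }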
    

    As another side note, as part of testing we removed all our certificates from the local machine store; this actually caused a problem using Fiddler. Fiddler didn't detect our client certificate because it was purely in memory and not in the trusted store. If we added it back in to the trusted store then Fiddler started to play nice again.

    Thanks again.
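
A variant of the approach in the answer above, as an added example that is not part of the original post: it injects a certificate loaded from bytes into the endpoint's existing ClientCredentials behaviour, and first checks the certificate against a pinned thumbprint and its validity period. The helper name `InMemoryClientCertificate.Attach` and the `password` and `expectedThumbprint` parameters are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Description;

// Hypothetical helper (not from the post): attaches an in-memory client
// certificate to an endpoint's existing ClientCredentials behaviour.
public static class InMemoryClientCertificate
{
    public static void Attach(ServiceEndpoint endpoint, byte[] rawCertificateData,
                              string password, string expectedThumbprint)
    {
        // Built from bytes only; nothing is looked up in a Windows certificate store.
        // password may be null for an unprotected .crt/.cer file.
        var certificate = new X509Certificate2(rawCertificateData, password);

        // Pin the expected certificate so a swapped file on disk is rejected.
        if (!string.Equals(certificate.Thumbprint, expectedThumbprint,
                           StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException("Unexpected client certificate thumbprint.");
        }

        // NotBefore and NotAfter are reported in local time.
        DateTime now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
        {
            throw new InvalidOperationException("Client certificate is outside its validity period.");
        }

        // Reuse the behaviour that is already there so the username and
        // password configured on it stay in place; add one only if absent.
        ClientCredentials credentials = endpoint.Behaviors.Find<ClientCredentials>();
        if (credentials == null)
        {
            credentials = new ClientCredentials();
            endpoint.Behaviors.Add(credentials);
        }

        credentials.ClientCertificate.Certificate = certificate;
    }
}
```

Call it with `clientBase.Endpoint` after the client has been constructed and before the channel is opened.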
